b'                       UNITED STATES NUCLEAR REGULATORY COMMISSION\n                                                                             June 2007\n                                                                             NUREG/BR-0304 Volume 4, Number 1\n\n\n\n\n                                OIG Information Digest\n\n                                          Identity Theft\nThe Office of the Inspector General (OIG) first published information on Identity Theft in\nMarch 2000 and again in April 2003. In the four years since the last publication, this country         Inside this issue:\nhas seen an enormous growth in identity theft and the variety of ways in which a person\xe2\x80\x99s              Identity Theft   1-3\nidentity can be stolen. The individuals that commit this fraud have become very sophisti-\ncated and use many tools to steal your identity.                                                       Watch Out For    4\n                                                                                                       Scams\nEarlier this year, the OIG received information that Employee Express accounts had been\ncompromised including one for an NRC employee. OIG has also investigated numerous in-                  Phishing         4-5\nstances where NRC small purchases and travel cards have been compromised. All these\ninstances should warn that identity theft can strike each of us.                                       OIG Cases on     6\n                                                                                                       Identity Theft\nIn this issue, we will provide you with new information on the different scams and ways to\n                                                                                                       Helpful Phone    7\nprotect yourself and your family in your professional and personal life.                               Numbers\n\n\nInformation Regarding Identity Theft (Information from National\nConsumers League and the Federal Trade Commission)\n\n1. What is Identity Theft?                               Changing your address\xe2\x80\x94The thief diverts your bill-\nIdentity theft involves someone utilizing your identi-   ing statements to another location by filling out a\nfying information to acquire goods or services in        \xe2\x80\x9cchange of address\xe2\x80\x9d form.\nyour name through the use of credit or debit cards,      Just Plain Stealing\xe2\x80\x94Someone steals your wallet or\nchecks, or other documents.                              purse, mail, pre-approved credit card offers,\nIdentity theft is a considerable problem for anyone,     checks, and income tax information. Sometimes\nbut is especially problematic for those people who       employees steal personnel\nrely on ATM, credit cards, and other remote access       records from other employees or\nfinancial services.                                      bribe others who have that infor-\n                                                         mation to steal your identity.\n2. How Identity Theft Can Happen\n                                                         3. Detecting Identity Theft\nDumpster Diving\xe2\x80\x94Someone rummages through\nyour trash looking for bills or other documents con-     The first line of defense is aware-\ntaining personal information.                            ness. Look out for:\n\nSkimming\xe2\x80\x94Stealing credit or debit card information       \xe2\x80\xa2   Unusual purchases on your credit cards.\nby using a special storage device while processing       \xe2\x80\xa2   Being denied a loan for which you qualify.\nyour card.                                               \xe2\x80\xa2   Bank statements that do not agree with per-\nPhishing\xe2\x80\x94Someone pretends to be from your bank-              sonal records.\ning or credit card institution and emails pop-up mes-    \xe2\x80\xa2   Unexplained changes in your bank access\nsages or spam to get you to reveal personal infor-           codes.\nmation.\n\x0cIdentity Theft (cont. from page 1)\n\xe2\x80\xa2   Unusual calls regarding your personal or financial          are missing or late.\n    information.                                           \xe2\x80\xa2    Remove your Social Security Number from\n\xe2\x80\xa2   Unexplained charges on phone or other consumer              checks\n    accounts.                                              \xe2\x80\xa2    Do not carry your social security card in your wal-\n4. Preventing Identity Theft                                    let unless needed.\n\xe2\x80\xa2   Cut up all credit cards for which you have no use.     \xe2\x80\xa2    Order your credit report from Experian, Trans Un-\n\xe2\x80\xa2   Shred bank or other financial statements and                ion, or Equifax (phone numbers are listed on\n    any other documents containing personal informa-            page 6) once a year and look for any anomalies.\n    tion such as Social Security Number, date of birth,    5.   If victimized, documentation is key.\n    etc.                                                   In the worst cases, identity thieves\n\xe2\x80\xa2   Be creative when you select a password. Don\xe2\x80\x99t be       make enormous unauthorized pur-\n    obvious by using your phone number, address,           chases. By law, once you report the\n    birth date, names of children or pets, the last four   loss, theft, or fraud you have no further\n    digits of your Social Security Number, or any for-     responsibility for unauthorized charges.\n    mat that could easily be decoded by thieves.           In any event, your maximum liability un-\n\xe2\x80\xa2   Destroy pre-approved credit card offers before         der Federal law is $50 per card, and\n    you throw them out.                                    most issuers will waive the fee. The bad news is that\n                                                           clearing up your credit records requires significant\n\xe2\x80\xa2   Make a list of all credit cards, ATM cards, and        effort and can take a year or even longer.\n    bank accounts and the phone numbers associated\n    with each, and keep this list in a safe                By monitoring your personal finances and following\n    place.                                                 the suggestions in this newsletter, you may be able\n                                                           to prevent or minimize losses due to fraud and iden-\n\xe2\x80\xa2   Always use secure Web sites for                        tity theft. It is important to act quickly, effectively,\n    Internet purchases. You can tell a                     and assertively to minimize the\n    secure site by the little padlock at the               damage.\n    bottom of the page and/or the change at the top of\n    the page from http to either \xe2\x80\x9cshttp\xe2\x80\x9d or \xe2\x80\x9chttps.\xe2\x80\x9d       6. What to do if you are a victim:\n                                                           Here are the initial actions victims of\n\xe2\x80\xa2   Do not discuss financial matters on wireless or        identity theft should take to begin the\n    cellular phones.                                       investigative and recovery processes.\n\xe2\x80\xa2   Write or call the department of motor vehicles to      Report the crime to your local po-\n    have your personal information protected from dis-     lice immediately. File a detailed police report. Pro-\n    closure.                                               vide as much documented evidence and information\n\xe2\x80\xa2   Do not use your mother\xe2\x80\x99s maiden name as a pass-        as possible. Keep a copy of the incident report and\n    word on your credit cards...ask if you can use         give it to creditors, banks, and merchants who ask\n    something else.                                        for a copy of a police report as part of the fraud in-\n\xe2\x80\xa2   Be wary of anyone calling or emailing to               vestigation.\n    \xe2\x80\x9cconfirm\xe2\x80\x9d personal information.                        Call the fraud unit at each of the big three credit\n\xe2\x80\xa2   Thoroughly and promptly review all bank, credit        bureaus (Equifax, Experian, and Trans Union) to\n    card, and phone statements for unusual activity.       notify them of what has happened. Request cop-\n                                                           ies of your credit reports and ask the bureaus to\n\xe2\x80\xa2   Monitor when new credit cards, checks, or ATM\n                                                           place a \xe2\x80\x9cfraud alert\xe2\x80\x9d in your files along with a mes-\n    cards are being mailed to you and report any that\n                                                           sage asking future creditors to verify by telephone\n\n     Page 2                                                                            OIG Information Digest\n\x0cIdentity Theft (cont. from page 2)\nany applications added to your report. Follow up with              from you. Request that all changes                      be\na written letter.                                                  verified.\nDo not pay any bill or charges that result from             If you have a passport, notify the\nidentity theft. Contact all creditors immediately with      passport office in writing to be on\nwhom your name has been used fraudulently by                the lookout for anyone ordering a\nphone and in writing.                     Photocopy your driver\xe2\x80\x99s license, medical cards, grocery store cards, and all charge\nWrite a \xe2\x80\x9cvictim\xe2\x80\x9d statement of 100            cards with their telephone numbers and keep the copies in a safe place in case your\n                                             wallet is stolen or you are a victim of identity theft.\nwords or less and send to each of the\ncredit bureaus to include with your credit file.\n                                                                 new passport in your name.\nGet copies of your credit reports monthly following\nyour initial report for at least several months to check         As appropriate, contact an attorney to help en-\n                                                                 sure that you are not victimized again while at-\nfor any new fraudulent accounts. The credit bureau\n                                                                 tempting to resolve this fraud. In order to prove\nshould provide these for free.\n                                                                 your innocence, be prepared to fill out affidavits of\nCall all of your credit card issu-                               forgeries for banks, credit grantors, and recipients\ners to close your accounts with the                              of stolen checks.\nnotation \xe2\x80\x9caccount closed at con-\nsumer\xe2\x80\x99s request\xe2\x80\x9d and get new credit cards with new               Be persistent and follow up. Be aware that\n                                                                 these measures may not entirely stop new fraudu-\nnumbers.\n                                                                 lent accounts from being opened by the imposter.\nContact your financial institution and request new\nbank account numbers, ATM cards, and checks. Put                 NOTE: Keep detailed written records of all con-\nstop payments on any outstanding checks that you                 versations and actions taken to recover from iden-\n                                                                 tity theft. Include names, titles, date/time, phone\nare unsure of.\n                                                                 number, exact circumstances, and action\nGive the bank, credit card, and utility companies a              requested. Note time spent and any expenses\nNEW secret password and PIN numbers for new ac-                  incurred. Send confirmation correspondence by\ncounts. Do not use old PINs, passwords, or your                  certified mail (return receipt).\nmother\xe2\x80\x99s maiden name.\n                                                                 Special Issues Related to Identity Theft\nRequest a new driver\xe2\x80\x99s license with an alternate\n                                                                 Occasionally, victims of identity theft are wrong-\nnumber from the department of motor vehicles (DMV),\n                                                                 fully accused of crimes committed by the imposter\nand ask that a fraud alert be placed on your old one.\n                                                                 or attempts are made to hold them liable for civil\nFill out a DMV complaint form to begin the fraud in-\nvestigation process.                                             judgments. If this occurs, contact the court where\n                                                                 any civil judgment was entered and report that\nContact the Social Security Administration and                   you are a victim of identity theft. If you are sub-\nadvise them of your situation. Ask them to flag your             jected to criminal charges as a result, quickly\nSocial Security Number (SSN) for fraudulent use.                 provide proof to the prosecutor and investigative\nAlso order a copy of your Earnings and Benefits                  agency.\nStatement and check it for accuracy. Changing your\n                                                                 Your credit rating should not be permanently af-\nSSN is a difficult process and should be used only as\n                                                                 fected, and no legal action should be taken\na last resort.\n                                                                 against you as a result of identity theft. If any\nContact the post office and utility                              merchant, financial institution, or collection agency\ncompanies to ensure that no billing                              suggests otherwise, simply restate your willing-\nor address changes are made to your                              ness to cooperate, but don\xe2\x80\x99t allow yourself to be\naccount without a written request                                coerced into paying fraudulent bills.\n\n    OIG Information Digest                                                                                      Page 3\n\x0cIdentity Theft Scams\nWatch Out For Scams                                  fees, in fact, prize offers where you have to pay or\n                                                     make a purchase to be eligible are illegal.\nLower credit card rates. With this scheme,\nsomeone calls and says they are with your            ATM Debit Cards. If your ATM card is lost or stolen,\ncredit card issuer. They say they can lower your     immediately notify your banking institution. If you re-\ninterest rate, but they need to have your card\xe2\x80\x99s     port the loss or theft within 2 days you will only be\nexpiration date or part of your account number.      liable for $50. If you report the loss or theft after 2\nHANG UP! Your card issuers already have this         business days but within 60 days after the unauthor-\ninformation.                                         ized electronic fund transfer appears on your state-\n                                                     ment, you could lose up to $500 of what the thief with-\nPrizes and sweepstakes. A large part of tele-        draws. If you wait more than 60 days to report the loss\nmarketing fraud complaints are\n                                                     or theft, you could lose all the money that was taken\ndue to phony sweepstakes. In\nthese scams, someone phones                          from your account after the end of the 60 days. Check\nor emails to tell you that you\xe2\x80\x99ve                    with your own financial institution to find out about\nwon a prize. You are informed                        their policy.\nthat all you have to do to collect                   Recovery Scams. Scammers can purchase lists of\nit is send a certified check or                      those who have been swindled before. They call\nprovide a credit card number to cover the \xe2\x80\x9ccost      these people and claim that a victim\xe2\x80\x99s lost money can\nof processing\xe2\x80\x9d your award. Save your money.          be recovered if he or she pays a fee. Don\xe2\x80\x99t buy it.\nLegitimate awards do not charge processing           Legitimate law enforcement agencies don\xe2\x80\x99t charge to\n                                                     help victims of telemarketing or online fraud.\n\n\n                                                Phishing\nPhishing is an email scam that Internet fraud-        government agency or a company they know.\nsters use to try and trick consumers into reveal-     Sometimes the phisher urges intended victims to\ning personal information such as debit and credit     \xe2\x80\x9cconfirm\xe2\x80\x9d account information that has been \xe2\x80\x9cstolen\xe2\x80\x9d\naccount numbers, checking account information,        or \xe2\x80\x9clost.\xe2\x80\x9d Other times the phisher entices victims to\nSocial Security Numbers, or banking account           reveal personal information by telling them they\npasswords through fake Web sites or in a reply        have won a special prize or earned an exciting\nemail. The most common                                reward.\nform of phishing is by email,\n                                                      Do not click on a link embedded within any poten-\nalthough sometimes phish-\n                                                      tially suspicious email, especially if the email\ners may contact you by tele-\n                                                      requests personal information. If you do, you might\nphone. While you are on\nyour computer, an email may appear from a\nbank, an internet auction site, or some shopping\nsite that you may have used at one time. This\nemail asks you to validate or update personal\ninformation for a phony scheme. They may\neven threaten drastic consequences if you don\xe2\x80\x99t\ncomply. Don\xe2\x80\x99t fall for it.\nHow to spot a phishing email\nPhishing emails, and the Web site they link to,\ntypically use familiar logos and familiar graphics\n(as shown in next column) to deceive consum-\ners into thinking the sender or web owner is a\n\n  Page 4\n                                                                                 OIG Information Digest\n\x0c                                             Phishing (cont. from page 4)\nbe greeted with an official looking form like the fol-          legitimate, such as those provided on your\nlowing one. If you were to fill this out, you would be          monthly statements.\n                                                            \xe2\x80\xa2   Do not send personal information in response to\n                                                                an email request from anyone or any entity.\n                                                            \xe2\x80\xa2   Be cautious. Check your monthly statement to\n                                                                verify all transactions.\n\n\n                                                            The first line of defense is from your Internet Ser-\n                                                            vice Provider (ISP). ISP\xe2\x80\x99s have a wide variety of\n                                                            tools to identify messages that may be from phish-\n                                                            ers. These include blacklists from known phishing\n                                                            emails, Web sites, and programs that recognize\n                                                            telltale signs of phishing within the messages. Your\n                                                            ISP can recognize and even keep these phishing\n                                                            emails from ever entering your inbox. Look for in-\ngiving an identity thief everything he needs.\n                                                            formation from your ISP about what it is doing to\n                                                            protect you from phishing emails.\nLook for these red flags in the email:\n\xe2\x80\xa2     Asks you to provide personal information such         Phishing can also occur in other ways. Here is an\n      as your bank account number, an account pass-         example of a phishing phone call:\n      word, credit card number, PIN number, mother\xe2\x80\x99s\n                                                            \xe2\x80\x9cIs this Mr. Johnson?\xe2\x80\x9d I\xe2\x80\x99m\n      maiden name, or Social Security Number.\n                                                            calling from XYZ bank. Do\n\xe2\x80\xa2     Does not address you by your name                     you have a Visa card? I\n\xe2\x80\xa2     No confirmation of the company that does busi-        need to verify your ac-\n      ness with you, such as referencing a partial ac-      count because it seems\n      count number                                          someone may be fraudu-\n                                                            lently charging purchases\n\xe2\x80\xa2     Warns that your account will be shut down\n                                                            to your account. Can you\n      unless you reconfirm your financial information.\n                                                            read me the account num-\n\xe2\x80\xa2     Warns that you have been a victim of fraud            ber and expiration date on the front? OK, now the\n\xe2\x80\xa2     Spelling or grammatical                               last four digits on the back\xe2\x80\xa6\xe2\x80\x9d GOTCHA!!\n      errors.                                               Here is another one:\n                                                            \xe2\x80\x9cHello, Charlotte Webb? I represent DKO company\nThe best way to protect                                     and our records show that you have an overdue bill\nyourself from any scam is                                   of $500 plus interest and penalties. You don\xe2\x80\x99t know\nthe following:                                              anything about this? Well, there could be a mix-up.\n\xe2\x80\xa2     View any email for finan-                             Is your address 789 Spider Way? What is your So-\n      cial information or other                             cial Security Number?\xe2\x80\x9d GOTCHA!\n      personal data with suspi-                             Never give out personal information over the tele-\n      cion.                                                 phone to someone who calls you. Only if you\n\xe2\x80\xa2     Do not reply to the email and do not respond by       initiate the phone call should you provide your per-\n      clicking on a link within the email message           sonal information.\n\xe2\x80\xa2     Contact the actual business that allegedly sent\n      the email to verify if it is genuine. Call a phone\n      number or visit a Web site that you know to be\n\n    OIG Information Digest                                                                             Page 5\n                                         O\n\x0c                          OIG Cases Involving Identity Theft\n\n Both of the following are actual identity theft incidents which occurred within the past two years and were\n investigated by the NRC/OIG.\n\n\n\nO    IG was contacted by an NRC employee who\n     related that she had\nreceived a call from an apart-\n                                                           picture alongside the first employee\xe2\x80\x99s name. Addi-\n                                                           tionally, after fail-\n                                                           ing to pay her\nment complex manager. The                                  rent she used the\nmanager was attempting to                                  first employee\xe2\x80\x99s\ncollect unpaid rent from the                               name at a DC\nemployee. However, the                                     Landlord and\nemployee had never rented                                  Tenant Court\nan apartment at that complex.                              hearing.\n                                                           OIG coordinated\nOIG\xe2\x80\x99s investigation revealed that another NRC              this investigation\nemployee had used the first employee\xe2\x80\x99s name and            with the Wash-\nidentification information to rent an apartment. This      ington, DC Met-\nemployee had a poor credit history and believed an         ropolitan Police. The subject of this investigation\napplication in her own name would have been                admitted to her actions and resigned her position\nturned down. The perpetrator had obtained details          with the NRC. She was also charged in District of\nabout the first employee, including her Social Secu-       Columbia Federal Court, where she pled guilty and\nrity Number, from various documents, such as travel        was fined and sentenced to 14 months incarcera-\nvouchers. The victim\xe2\x80\x99s supervisor\xe2\x80\x99s signature was\n                                                           tion.\nalso falsified on an employment verification form,\nand was accompanied with a xeroxed copy of her\nNRC badge that had been altered to contain her\n\n\n\nO    IG was contacted by an NRC inspector who had\n     found numerous unauthorized charges on her\nNRC travel card billing statement. The transactions\n                                                           OIG worked jointly with the Michigan State Police\n                                                           and apprehended the clerk. During an interview,\n                                                           the clerk fully admitted her illegal activities. She\nincluded purchases on Ebay and cell phone charges.         subsequently pled guilty and was sentenced to 6\nThe charges totaled over $2,000.                           months in jail.\nOIG contacted the merchants and obtained details\nregarding each of the transactions. This investigation\nultimately revealed that the inspector had been on\nofficial travel shortly before the unauthorized transac-\ntions began. The inspector\xe2\x80\x99s credit card information,\nincluding the verification number on the back, had\nbeen copied by a hotel front desk clerk. The clerk,\nwho had previous convictions for forgery and counter-\nfeiting, then used the credit card account number to\nmake purchases on the Internet auction site, Ebay,\nwhich she had shipped to her residence. Addition-\nally, the clerk used the credit card number to pay for\n\xe2\x80\x9cring-tones\xe2\x80\x9d and other items downloaded to her per-\nsonal cell phone.\n\n\nPage 6                                                                         OIG Information Digest\n                                      O\n\x0c                         Important Numbers For Your Information\n\n                                               Important Numbers to Remember\nWeb Sites to Help You With Identity Theft\n                                               Social Security Administration Fraud Hotline\nFederal Trade Commission\n                                               1-800-269-0271\nwww.ftc.gov\n                                               To order your Social Security Earnings &\nFor Identity Theft\n                                               Benefits Statement, call\nwww.consumer.gov/idtheft\n                                               1-800-772-1213\n\nBanking Agencies\n                                               Credit Reporting Bureaus\nFederal Deposit Insurance Corporation\n                                               Equifax: to report fraud\nwww.fdic.gov\n                                               www.equifax.com\n                                               P.O. Box 740241\nFederal Reserve System\n                                               Atlanta, GA 30374-0241\nwww.federalreserve.gov\n                                               1-800-525-6285\n                                               Equifax: to order credit report\nNational Credit Union Administration\n                                               1-800-685-1111\nwww.ncua.gov\n\n                                               Experian: to report fraud and order credit report\nOffice of the Comptroller of the Currency\n                                               1-888-397-3742, www.experian.com\nwww.occ.treas.gov\n\n                                               Trans Union: to report fraud\nOffice of Thrift Supervision\n                                               www.transunion.com\nwww.ots.treas.gov\n                                               1-800-680-7289\n                                               Trans Union: to order credit report\n                                               1-800-916-8800\n\n\n\n\n  OIG Information Digest                                                              Page 7\n\x0c                                        We\xe2\x80\x99re on the WEB! Access\n  Organization\n                                        the HOTLINE Thru the NRC\n     United States Nuclear\n                                                Website!\n    Regulatory Commission\n\n\n Office of the Inspector General\n 11555 Rockville Pike\n Mail Stop T 5D28\n Rockville, MD 20852\n\n\nHotline Telephone - 800-233-3497\nFax: 301-415-5091                  \xe2\x80\xa2   Go to www.nrc.gov\n                                   \xe2\x80\xa2   Scroll down to the bottom of the\n                                       page and click on Inspector General\n                                   \xe2\x80\xa2   Click on the phone symbol on the\n                                       right\n                                   \xe2\x80\xa2   Scroll down to the highlighted area\n                                       that says Submit an online form\n                                   \xe2\x80\xa2   Fill out the form with all pertinent\n                                       information and click submit\n\n\n\n\n  Page 8                                               OIG Information Digest\n\x0c'